The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Many types of organizations today rely on networked systems of computing devices for an increasingly wide variety of business operations. These networked systems often include computing devices ranging from various types of endpoint devices (for example, desktop computers, workstations, laptop computers, tablet devices, and mobile devices) to network devices and other components (for example, routers, firewalls, web servers, email servers, and so forth). The reliance on these types of systems has placed great importance on the ability to secure systems against internal and external security threats such as malware, viruses, and network-based attacks.
Organizations commonly use security information and event management (SIEM) software, endpoint threat detection and response (ETDR) applications, and other similar applications to monitor computer networks for occurrences of potential security threats. However, security threats are often multi-layered (for example, involving many different types of applications, types of network activity, and so forth) and may implicate many separate components within a networked system. Efficiently detecting sophisticated network security threats and remediating threat occurrences in these environments with existing security applications remains a challenge.